Lucene search
K

144 matches found

Cvelist
Cvelist
added 2024/03/15 6:54 p.m.38 views

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

7.5CVSS7.6AI score0.00964EPSS
Exploits1References3
OSV
OSV
added 2024/03/15 6:54 p.m.38 views

CVE-2024-28854 Slow loris vulnerability with default configuration in tls-listener

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

7.5CVSS6.5AI score0.00964EPSS
Exploits1References5
CVE
CVE
added 2024/03/15 6:54 p.m.66 views

CVE-2024-28854

tls-listener is a Rust wrapper for a TLS connection listener. The default configuration allows a malicious actor to open multiple TCP connections per second and send zero bytes, triggering a slowloris-style DoS. The issue affects public services using tls-listener with default settings in version...

7.5CVSS7.4AI score0.00964EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/03/15 12:0 p.m.18 views

RUSTSEC-2024-0341 Slow loris vulnerability with default configuration

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

7.5CVSS7.3AI score0.00964EPSS
Exploits1References3
RustSec
RustSec
added 2024/03/15 12:0 p.m.6 views

Slow loris vulnerability with default configuration

tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...

7.5CVSS7AI score0.00964EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.3 views

PT-2024-22607

Name of the Vulnerable Software and Affected Versions tls-listener versions prior to 0.10.0 Description The default configuration of tls-listener makes any public service using TlsListener::new vulnerable to a slow-loris DoS attack. A malicious user can open 6.4 TcpStreams a second, sending 0...

7.5CVSS6.6AI score0.00964EPSS
Exploits1References18
OSV
OSV
added 2024/03/06 10:50 a.m.145 views

BIT-APACHE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

7.5CVSS7.5AI score0.70595EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/11/22 12:0 a.m.58 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Apache HTTP Server vulnerabilities (USN-6506-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6506-1 advisory. David Shoon discovered that the Apache HTTP Server modmacro module incorrectly handled certain memory operations. A remote...

7.5CVSS7.5AI score0.70595EPSS
Exploits1References4
Amazon
Amazon
added 2023/11/03 12:0 a.m.60 views

Important: httpd24

Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...

7.5CVSS6.8AI score0.70595EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.97 views

Amazon Linux 2 : httpd (ALAS-2023-2322)

The version of httpd installed on the remote host is prior to 2.4.58-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2322 advisory. Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57...

7.5CVSS7AI score0.70595EPSS
Exploits1References8
Amazon
Amazon
added 2023/11/01 12:0 a.m.144 views

Important: httpd

Issue Overview: Out-of-bounds Read vulnerability in modmacro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57. CVE-2023-31122 A flaw was found in httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that...

7.5CVSS6.7AI score0.70595EPSS
Exploits1
OSV
OSV
added 2023/10/23 7:15 a.m.72 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

7.5CVSS7.4AI score
Exploits0References2
OSV
OSV
added 2023/10/23 7:15 a.m.6 views

AZL-43639 CVE-2023-43622 affecting package mod_http2 1.15.14-2

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

7.5CVSS7AI score0.70595EPSS
Exploits0References1
OSV
OSV
added 2023/10/23 7:15 a.m.3 views

DEBIAN-CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

7.5CVSS7.4AI score0.70595EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/23 6:50 a.m.290 views

CVE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

7.7AI score0.70595EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/23 6:50 a.m.22 views

CVE-2023-43622 Apache HTTP Server: DoS in HTTP/2 with initial windows size 0

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

6.6AI score0.70595EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2023/10/23 6:50 a.m.59 views

CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

7.5CVSS7.4AI score0.70595EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/10/20 10:56 a.m.64 views

CVE-2023-43622

A flaw was found in the modhttp2 module of httpd. This flaw allows an attacker opening an HTTP/2 connection with an initial window size of 0 to block handling of that connection indefinitely. This vulnerability can exhaust worker resources in the server, similar to the well-known "slow loris"...

7.5CVSS7.2AI score0.70595EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/10/20 1:6 a.m.3 views

SUSE CVE-2023-43622

An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. This has been fixed in...

7.5CVSS8.7AI score0.70595EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.215 views

Apache 2.4.x < 2.4.58 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.58. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds read vulnerability in modmacro of Apache HTTP Server. CVE-2023-31122 - An attacker, opening a HTTP/2 connection with an initi...

7.5CVSS7.2AI score0.70595EPSS
Exploits1References5
Rows per page
Query Builder